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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 03 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)^ Responsive to communication(s) filed on 14 September 2007 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1-4.6-13. 15-22 and 24-27 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) KI Claim(s) 1-4.6-13.15-22 and 24-27 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) Is objected to. See 37 CFR 1.121 (d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20071125 



Application/Control Number: 10/727,322 
Art Unit: 2136 



Page 2 



DETAILED ACTION 



1. 



This office action is in response to communications filed on 09/14/2007. 



2. 



Claims 1- 4, 6-13, 15-22 and 24-27 have been presented for examination. 



3. 



Claims 1- 4, 6-13, 15-22 and 24-27 have been rejected. 



Response to Arguments 



4. The applicant's arguments regarding the previous 35 USC 101 type rejections are fully 
considered and found persuasive, therefore, the previous 35 USC 101 type rejections of 
claims 10-18 are withdrawn. 

5. The applicant's arguments regarding the previous 35 USC 102 type rejections are 
fully considered, however, these arguments are moot in view of newly found ground of 
rejection (please see below for detail). 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that 
the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 



6. Claims 1- 4, 6-13, 15-22 and 24-27 are rejected under 35 USC 103 (a) as being 
unpatentable over Wood et al (US 6668322 Bl) in view of Low et al ( US 6996605 B2) 



Claim Rejections - 35 USC § 103 



further in view of Hmtonetal (US 6993596 B2). 
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Regarding claim 1 and 19, Wood et al discloses a method/ system for managing 
multiple user identities for a user of an electronic commerce (e-commerce) site, the method 
comprising: 

defining the e-commerce site as a plurality of security domains (Col 13, lines 1-20; 
Col 15, starting at line 9; security architecture; controlling access to several/ multi level 
domains); and 

in response to a user's request to invoke an operation of the e-commerce site: 
determining a security domain of the plurality of security domains to which the 
operation relates (Fig 4.410: domainld; Col 13, lines 1-20; Col 15, starting at line 9; Col 16, 
starting at line 35; session credentials/ tokens for persistent/ subsequent sessions; accessing 
resources in several/ multi level domains) ; and 

reusing the session for the user automatically in accordance with the determined 
security domain, the selected session being associated with a user identity and a role, the 
user identity and role together indicating privileges for invoking operations of the e- 
commerce site in at least the determined security domain; and persisting said session for 
reuse (Col 11, starting at line 11; Col 16, starting at line 50; session creation; Col 8, starting 
at line 9; Col 13, starting at line 5; Col 15, starting at line 8; Col 16, starting at line 35; Claim 
1,12; session credentials/ tokens for persistent/ subsequent sessions). 

Wood et al fails to disclose selecting a session from a plurality of sessions persisted 
for the user based on the determined security domain. 
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However, Low et al discloses selecting a session from a plurality of sessions persisted 
for the user (Col 2, line 6 -42; Col 13, line 15-67; Claims 1-13; user selecting a session to 
join from plurality of sessions), and 

Hinton et al discloses selecting a session persisted for the user based on the 
determined security domain (Col 5, line 1 - Col 8, line 67; Claims 1-9; user selecting one of 
multiple sessions related to multiple security domain; vouching affiliated domain identity for 
session authentication). Hinton et al further discloses determining a security domain of the 
plurality of security domains to which the operation relates (Col 17, line 10 to Col 19, line 
30; using user identity and/ or role, and domain ID) and the selected session being 
associated with a user identity and a role, the user identity and role together indicating 
privileges for invoking operations of the e-commerce site in at least the determined security 
domain (Col 17, line 10 to Col 19, line 30). 

Hinton et al , Low et al and Wood et al are analogous art because they are from the 
same field of endeavor of session management. At the time of invention it would have been 
obvious to a person of ordinary skill in the art to combine the teaching of Hinton et al or 
Low et al with Wood et al to design a method further comprising the step of selecting a 
session from a plurality of sessions persisted for the user based on the determined security 
domain in order to provide user with multiple session access. 
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Regarding claim 10, it is rejected applying as above rejecting claim 1, furthermore, 
Wood et al discloses a computer readable medium tangibly embodying computer executable 
code for managing multiple user identities for a user of an electronic commerce (e- 
commerce) site defined using the plurality of security domains, wherein the computer 
executable code, when executed on a computing device , causes the computing device to: 

in response to a user's request to invoke an operation of the e-commerce site (Fig 2; 
operations after step 201: access requests; Col 6, line 44-56; Col 15, starting at line 8; 
handling access requests; resource identification): 

determining a security domain of the plurality of the security domains to which the 
operation relates (Fig 4.410: domainld; Col 13, lines 1-20; Col 15, starting at line 9; 
accessing resources in several/ multi level domains); 

reusing the session for the user automatically in accordance with the determined 
security domain, the selected session being associated with a user identity and a role, the 
user identity and role together indicating privileges for invoking operations of the e- 
commerce site in at least the determined security domain; and persisting said session for 
reuse (Col 11, starting at line 11; Col 16, starting at line 50; session creation; Col 8, starting 
at line 9; Col 13, starting at line 5; Col 15, starting at line 8; Col 16, starting at line 35; Claim 
1,12; session credentials/ tokens for persistent/ subsequent sessions). 

Wood et al fails to disclose selecting a session from a plurality of sessions persisted 
for the user based on the determined security domain. 
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However, Low et al discloses selecting a session from a plurality of sessions persisted 
for the user (Col 2, line 6 -42; Col 13, line 15-67; Claims 1-13; user selecting a session to 
join from plurality of sessions), and 

Hintonetal discloses selecting a session persisted for the user based on the 
determined security domain (Col 5, line 1 - Col 8, line 67; Claims 1-9; user selecting one of 
multiple sessions related to multiple security domain; vouching affiliated domain identity for 
session authentication). Hinton et al further discloses determining a security domain of the 
plurality of security domains to which the operation relates (Col 17, line 10 to Col 19, line 
30; using user identity and/ or role, and domain ID) and the selected session being 
associated with a user identity and a role, the user identity and role together indicating 
privileges for invoking operations of the e-commerce site in at least the determined security 
domain (Col 17, line 10 to Col 19, line 30). 

Regarding claim 2, it is rejected applying as above rejecting claim 1, furthermore, 
Wood et al discloses the method comprising invoking the requested operation with the user 
identity and the role of the selected session (Col 10, starting at line 63; Col 16, starting at 
line 35, session objects; access requests). 

Furthermore, Hinton et al discloses invoking the requested operation with the user 
identity and the role of the selected session (Col 17, line 40 to Col 19, line 30; using 
identity, and selected ecommunity ID in request). 
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Regarding claim 5, it is rejected applying as above rejecting claim 2, furthermore, 
Wood et al discloses the method wherein the selected session comprises information 
indicating at least one of: the user preference's for invoking operations at the e-commerce 
site; the user's preferences for invoking operations at least the determined security domain 
(Col 12, starts at line 66; Col 15, starting at line 9; resource identification: session tokens for 
several domains); and a security signature for authenticating the selected session 
information (Col 14, starting at line 60; assigning signed/ cryptographically secured session 
credentials for different sessions/ domains). 

Furthermore, Hinton et al discloses the user preference's for invoking operations at 
the e-commerce site; the user's preferences for invoking operations at least the determined 
security domain (Col 17, line 40 to Col 19, line 30; using identity, and selected ecommunity 
ID in request). 

Regarding claim 4, it is rejected applying as above rejecting claim 1, furthermore, 
Wood et al discloses the method comprising evaluating the requested operation to determine 
an operation type and wherein said step of performing is performed in accordance with the 
operation type (Col 15, starting at line 9; accessing requested resources). 

Regarding claim 6, it is rejected applying as above rejecting claim 4, furthermore, 
Wood et al discloses the method wherein the user identity is associated with an identity 
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type for permitting the invocation of operations; wherein said method comprises receiving 
the user's request in association with the plurality of sessions persisted for the user and 
retrieving a user identity for the determined security domain from said plurality of sessions; 
and wherein said performing is performed in response to the identity type of the retrieved 
user identity (Col 3, starting at line 1; Col 10 3 starting at line 48; Col 16, starting at line 35; 
Claim 1,12; session credentials/ tokens for persistent/ subsequent sessions; Claims 1,12; 
session credential including user identifying information; session continuity; requests). 

Regarding claim 7, Wood et al discloses the method wherein said step of persisting 
comprises providing one or more cookies defining the session to the user for associating with 
a subsequent request (Col 8, starting at line 9; Col 13, starting at line 5; Col 15, starting at 
line 8; Col 16, starting at line 35; session credentials/ cookies/ tokens for persistent/ 
subsequent sessions). 

Regarding claim 8, Wood et al discloses the method wherein the cookies comprise 
an authentication cookie and a session cookie; and wherein the method comprises 
authenticating the user's request (Fig 4.410, 420; encrypted login and session credentials/ 
cookie; Col 9 lines 6-15; Col 14, starting at line 21; claim 23, 24; multiple secured 
credentials ). 
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Regarding claim 9, Wood et al discloses the method comprising: defining each of the 
one or more security domains as a hierarchy of organizations and assets owned by the 
organizations; and wherein said determining the security domain of the plurality of the 
security domains to which the operation relates comprises evaluating the user's request in 
accordance with the hierarchy (Col 15, starting at line 8; domain level credentials). 

Furthermore, Hinton et al discloses defining each of the one or more security 
domains as a hierarchy of organizations and assets owned by the organizations; and wherein 
said determining the security domain of the plurality of the security domains to which the 
operation relates comprises evaluating the user's request in accordance with the hierarchy 
(Col 17, line 10 to Col 19, line 30). 

Regarding claim 20, Wood et al discloses the system wherein the identity manager 
component is adapted to invoke said requested operation with said user identity and role of 
the session (Fig 1: Gatekeeper; Fig 3A:321, central security architecture). 

Regarding claims 11-13 and 15-18, they recite the limitations of claims 1-10, 
therefore, they are rejected applying as above rejecting claims 1-10. 

Regarding claims 21-22 and 24-27, they recite the limitations of claims 1-10 and 20, 
therefore, they are rejected applying as above rejecting claims 1-10 and 20. 
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Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until 
after the end of the THREE-MONTH shortened statutory period, then the shortened statutory 
period will expire on the date the advisory action is mailed, and any extension fee pursuant 
to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no 
event, however, will the statutory period for reply expire later than SIX MONTHS from the 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shanto M Z Abedin whose telephone number is 571-272- 
3551. The examiner can normally be reached on M-F from 9:00 AM to 5:30 PM. If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Moazzami 
Nasser, can be reached on 571-272-4195. The fax phone number for the organization where 
this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. For more information about the PAIR 
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system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Shanto M Z Abedin 

Examiner, AU2136 



NASSER MOAZZAMI 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




